# Security Audit Normal connects users to established DeFi protocols on Stellar. We don't deploy our own custody or lending contracts, which means the audits that matter most for protecting your funds today are the ones covering the protocols Normal integrates with. All audits below can be reviewed publicly. #### **Integrated Protocol Audits** | Protocol | Auditor | Date | Status | Audit | | ------------- | ------------------- | ------------ | -------- | --------------------------------------------------------------------------------------- | | DeFindex | OtterSec | 2025 | Complete | [View](https://github.com/paltalabs/defindex/tree/main/audits) | | Blend Capital | Code4rena + Certora | March 2025 | Complete | [View](https://code4rena.com/audits/2025-02-blend-v2-audit-certora-formal-verification) | | Reflector | Code4rena | October 2025 | Complete | [View](https://code4rena.com/audits/2025-10-reflector-v3) | #### **Normal Protocol Audit History** | Deployment | Auditor | Date | Status | Audit | | -------------------- | ------- | --------- | -------- | ------------------------------------------------------------------------------ | | Stellar AMM (legacy) | Halborn | June 2025 | Complete | [View](https://github.com/normalfinance/normal-stellar-amm/tree/normal/audits) | Normal's earlier protocol architecture, which used custom AMM contracts on Stellar, was audited by Halborn in June 2025. That architecture has since been deprecated in favor of integrating with audited DeFi infrastructure (DeFindex, Blend, Reflector), which removes the need for Normal to maintain its own lending or custody contracts. The Halborn audit informed the security practices we still apply across the codebase today. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://normalfi.gitbook.io/normal/getting-started/protocol-and-security/security-audit.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.